Lucene search

10273 matches found

OSV
added 2024/09/04 9:25 p.m., 5 views

MAL-2024-11647 Malicious code in nezur (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b50feb48c96e1118a7a347159715ad52cef02efdc463783eb9edcc5f33b6bbad Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 3 views

MAL-2024-9943 Malicious code in artindex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3f19c3c0f0a7d0edd2a53f7c3879706561e0e7d4596b11e9eebbb1d896e90a46 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 4 views

MAL-2024-10158 Malicious code in roinject (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 abe077384854dc3572befe16d9f41d68fec2a7dbbc8d38884c526bacf0447318 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 3 views

MAL-2024-10144 Malicious code in pytrv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d2f680e10e34dddd65afc0a09e3bc0c05dfb8cbaa5f02f5f0eb6ece5848498f0 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 4 views

MAL-2024-10027 Malicious code in ezauto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d5e63bafe0b12244a82ffbde9bcf5eaf32ba47034bcd84168efb7f9e2becf9a Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 3 views

MAL-2024-10157 Malicious code in rodll (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 371166aacf4728718533b433b86908bce1066651f8fb12d3b6a2685612218386 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSSF Malicious Packages
added 2024/09/04 9:25 p.m., 2 views

Malicious code in pytskcheck (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25d82b24b022549617724628ccd6d11da9cc713daffc187cc3531b5bf3ef07e8 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7.1
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 3 views

MAL-2024-9966 Malicious code in dahood (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b9cc2a4186b5ad68e11dc68aa719583b8f3a746c9f13b8b3b950f9653df0e909 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 3 views

MAL-2024-11672 Malicious code in pydllcfg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94960ddaf12ee1269aaab9abf1893d320ae2ff50fbd17ff4773edab18e7e3a11 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 1 view

MAL-2024-10111 Malicious code in pyadd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 67e5e3d0aff485ca2bf6f83151e1ecfae4a9b9335db657c72142ac9fd034250e Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 2 views

MAL-2024-9940 Malicious code in antibyfron (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b18b332b0269a1ac32574b6676f3c4a5d85c8bc7d64519987a8ad8d740038331 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 4 views

MAL-2024-11581 Malicious code in embeds (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 46ae6a18503196c40e7fd1759d8a68025e6a980a64821c2a1232b7f76fbc2779 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
OSV
added 2024/09/04 9:25 p.m., 2 views

MAL-2024-10119 Malicious code in pyloy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44deac488d2a8cdb533662db66592095a36ab35a491b4e9415c597cde0d37eab Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

AI score: 7
Exploits: 0, References: 5
The Hacker News
added 2024/09/04 1:0 p.m., 18 views

Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack

A new supply chain attack technique targeting the Python Package Index PyPI registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used t...

AI score: 7.4
Exploits: 0
GitHub Security Blog
added 2024/09/03 9:59 p.m., 33 views

pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt. If you are...

AI score: 7
Exploits: 0, References: 3, Affected Software: 1
GitHub Security Blog
added 2024/08/30 11:37 p.m., 13 views

`spam` project on PyPI compromised, malicious releases made

The spam project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...

AI score: 7.3
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2024/08/30 11:37 p.m., 7 views

GHSA-2R6G-7R83-JG72 `spam` project on PyPI compromised, malicious releases made

The spam project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...

AI score: 7.3
Exploits: 0, References: 2
GitHub Security Blog
added 2024/08/30 11:36 p.m., 9 views

`exotel` project on PyPI compromised, malicious release made

The exotel project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...

AI score: 7.3
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2024/08/30 11:36 p.m., 5 views

GHSA-X6XG-3FJ2-4PQ3 `exotel` project on PyPI compromised, malicious release made

The exotel project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...

AI score: 7.3
Exploits: 0, References: 2
Positive Technologies
added 2024/08/30 12:0 a.m., 1 view

PT-2024-40032 · Pypi · Spam

Name of the Vulnerable Software and Affected Versions: spam project on PyPI affected versions not specified Description: The issue concerns a compromise of the spam project on PyPI via a phishing attack, leading to a malicious release that downloads and runs malware at install time by accessing...

AI score: 6.8
Exploits: 0, References: 3